Secure Code Execution for Artificial Intelligence Agents

1. A method for securely executing code blocks for artificial intelligence (AI) agents, comprising: receiving, from a user device, an input associated with an AI agent; executing the AI agent by an agent executor, wherein the AI agent includes a code block for executing a customer script; creating a nano sandbox for executing the customer script of the code block, including: binding system resources as read-only to the nano sandbox; binding a temporary directory to the nano sandbox; and defining network access within the nano sandbox; seeding an input variable within the nano sandbox for use with the customer script; executing the customer script within the temporary directory of the nano sandbox, the customer script utilizing the input variable, wherein the execution of the customer script results in writing to an output file in the nano sandbox; copying an output from the output file to a location outside of the nano sandbox; and destroying the nano sandbox.

2. The method of claim 1, wherein the customer script is a Python script that a customer assigns to the code block.

3. The method of claim 1, wherein the input variable is generated by a prior an agent object of the AI agent that executes prior to the code block.

4. The method of claim 1, wherein the input variable is retrieved from a read-only file included in the nano sandbox.

5. The method of claim 4, wherein the read-only file includes the input received from a user device, and wherein a result based on the output is displayed at the user device.

6. The method of claim 1, further comprising reading client data from a file in the nano sandbox, wherein the client data is used in executing the customer script.

7. The method of claim 1, wherein a subprocess executes the customer script within the temporary directory.

8. The method of claim 7, wherein the output and an error are written to the output file.

9. The method of claim 1, wherein defining the network access includes enabling the network access.

10. The method of claim 1, wherein creating the nano sandbox includes clearing environmental variables.

11. The method of claim 1, wherein creating the nano sandbox includes dropping all Linux capabilities.

12. The method of claim 1, wherein the customer script is wrapped in logic to seed the input variable and capture the output for writing to the output file.

13. The method of claim 1, further comprising deploying a Python toolkit that is a Python webservice, wherein the Python toolkit creates the nano sandbox.

14. The method of claim 13, wherein the Python toolkit includes an application programming interface (“API”) and a NuGet package, and wherein the agent executor utilizes the API to receive the output.

15. The method of claim 1, wherein a user interface (“UI”) of an AI platform includes an option for adding the code block to the AI agent, wherein the UI includes a window for inserting the customer script into the code block.

16. The method of claim 15, wherein the UI allows a user to at least: select agent objects including a dataset, an AI model, and the code block; connect the agent objects in a sequence for execution as the AI agent; and simulate execution of the AI agent, wherein the simulated execution causes the creating and destroying of the nano sandbox as part of executing the code block.

17. The method of claim 1, wherein creating the nano sandbox includes unsharing namespaces, wherein unsharing namespaces disables networks access and defining the network access enables the network access.

18. The method of claim 1, further comprising placing, into the nano sandbox, a first read-only file that is used to seed the input variable and a second read-only file that is used to seed a customer data variable, wherein both the input variable and the customer data variable are used in the execution of the customer script.

19. A non-transitory, computer-readable medium containing instructions for securely executing code blocks for artificial intelligence (AI) agents, wherein the instructions are executed by at least one processor to perform stages comprising: receiving, from a user device, an input associated with an AI agent; executing the AI agent by an agent executor, wherein the AI agent includes a code block for executing a customer script; creating a nano sandbox for executing the customer script of the code block, including: binding system resources as read-only to the nano sandbox; binding a temporary directory to the nano sandbox; and defining network access within the nano sandbox; seeding an input variable within the nano sandbox for use with the customer script; executing the customer script within the temporary directory of the nano sandbox, the customer script utilizing the input variable, wherein the execution of the customer script results in writing to an output file in the nano sandbox; copying an output from the output file to a location outside of the nano sandbox; and destroying the nano sandbox.

20. A system for securely executing code blocks for artificial intelligence (AI) agents, the system comprising: at least one physical non-transitory, computer-readable medium including instructions; and at least one processor that executes the instructions to perform stages comprising: receiving, from a user device, an input associated with an AI agent; executing the AI agent by an agent executor, wherein the AI agent includes a code block for executing a customer script; creating a nano sandbox for executing the customer script of the code block, including: binding system resources as read-only to the nano sandbox; binding a temporary directory to the nano sandbox; and defining network access within the nano sandbox; seeding an input variable within the nano sandbox for use with the customer script; executing the customer script within the temporary directory of the nano sandbox, the customer script utilizing the input variable, wherein the execution of the customer script results in writing to an output file in the nano sandbox; copying an output from the output file to a location outside of the nano sandbox; and destroying the nano sandbox.